MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f09d61b53f6c256a8b015a85a673d3fa5bdd05d3f220ab2e3b2a7b2883ba8ab8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 10



SHA256 hash: f09d61b53f6c256a8b015a85a673d3fa5bdd05d3f220ab2e3b2a7b2883ba8ab8
SHA3-384 hash: 6471edaaef48106d046f5aa90d2b12e13bd1674392ab6829d2cdab28b92f73797e932d3bb323b1bf6c4e988d750299d8
SHA1 hash: 8e79d9b97d7a002e23051d1adfcde618bfafd179
MD5 hash: 69c589dd7651b698bb8e925c7f4c7c2d
humanhash: orange-oven-april-floor
File name: PO.Scanned document.js
Signature: AgentTesla
File size: 39'471 bytes
First seen: 2026-04-28 20:54:09 UTC
Last seen: Never
File type: JavaScript (JS)
MIME type: text/plain
ssdeep: 192:qHDH6+J0Sq7NMk+T7DYr58uSzESo1PdH/PO3ayzHuk/Ol9GA6e/56EhcfGuyNCgL:eDh9jf+NVuBuOCpLC+
TLSH: T16C035D3C10197F46BF6522C28726B77B3F97E92173C50D84BC7666DAE2D64A09F2C0A4
Magika: javascript
Reporter: James_inthe_box
Tags: AgentTesla exe js

Intelligence

File Origin
# of uploads: 1
# of downloads: 173
Origin country: US

Vendor Threat Intelligence

No detections

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-vm fingerprint repaired

Verdict: Malicious
Labeled as: SVM:TrojanDownloader/JS.MalBehav.gen

Verdict: Malicious
File Type: js
First seen: 2026-04-28T08:02:00Z UTC
Last seen: 2026-04-30T13:56:00Z UTC
Hits: ~1000
Detections: Trojan.JS.SAgent.sb Trojan-Downloader.Agent.HTTP.ServerRequest HEUR:Trojan.Script.Generic

Threat name: Win32.Trojan.Znyonm
Status: Malicious
First seen: 2026-04-28 12:57:33 UTC
File Type: Text (JavaScript)
AV detection: 9 of 24 (37.50%)
Threat level: 5/5

Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla discovery execution keylogger spyware stealer trojan

Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: JavaScript
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Command and Scripting Interpreter: PowerShell
Looks up external IP address via web service
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Badlisted process makes network request
Family: AgentTesla
Process spawned unexpected child process
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments